Validating Identity Evidence Identity Evidence Collection and Validation

ENROLLMENT IDENTITY PROOFING
This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-63a

Strength | Qualities of Identity Evidence

• The:
    o Issued evidence contains a photograph or biometric template of any modality of the person to whom it relates, OR
    o Applicant proves possession of an AAL2 authenticator bound to an IAL2 identity, at a minimum.
• Where the issued evidence includes digital information, that information is protected using cryptographic or proprietary methods, or both, and those methods ensure the integrity of the information and enable the authenticity of the claimed issuing source to be confirmed.
• Where the issued evidence contains physical security features, it requires proprietary knowledge and proprietary technologies to be able to reproduce it.
• The evidence is unexpired.

Superior
• The issuing source of the evidence confirmed the claimed identity by following written procedures designed to enable it to have high confidence that the source knows the real-life identity of the subject. Such procedures shall be subject to recurring oversight by regulatory or publicly accountable institutions.
• The issuing source visually identified the applicant and performed further checks to confirm the existence of that person.
• The issuing process for the evidence ensured that it was delivered into the possession of the person to whom it relates.
• The evidence contains at least one reference number that uniquely identifies the person to whom it relates.
• The full name on the evidence must be the name that the person was officially known by at the time of issuance. Not permitted are pseudonyms, aliases, an initial for surname, or initials for all given names.
• The evidence contains a photograph of the person to whom it relates.
• The evidence contains a biometric template of any modality of the person to whom it relates.
• The evidence includes digital information, the information is protected using cryptographic or proprietary methods, or both, and those methods ensure the integrity of the information and enable the authenticity of the issuing source to be confirmed.
• The evidence includes physical security features that require proprietary knowledge and proprietary technologies to be able to reproduce it.
• The evidence is unexpired.

5.2.2 Validating Identity Evidence

Once the CSP obtains the identity evidence, the accuracy, authenticity, and integrity of the evidence and related information is checked against authoritative sources in order to determine that the presented evidence:
• Is genuine, authentic, and not a counterfeit, fake, or forgery;
• Contains information that is correct; and
• Contains information that relates to a real-life subject.

Table 5-2 lists strengths, ranging from unacceptable to superior, of identity validation performed by the CSP to validate the evidence presented for the current proofing session and the information contained therein.

Table 5-2 Validating Identity Evidence

Strength | Methods Performed by the CSP

Unacceptable
• Evidence validation was not performed, or validation of the evidence failed.

Weak
• All personal details from the evidence have been confirmed as valid by comparison with information held or published by an authoritative source.

Fair
• Attributes contained in the evidence have been confirmed as valid by comparison with information held or published by the issuing source or authoritative sources, OR
• The evidence has been confirmed as genuine using appropriate technologies, confirming the integrity of physical security features and that the evidence is not fraudulent or inappropriately modified, OR
• The evidence has been confirmed as genuine by trained personnel, OR
• The evidence has been confirmed as genuine by confirmation of the integrity of cryptographic security features.

Strong
• The evidence has been confirmed as genuine:
    o using appropriate technologies, confirming the integrity of physical security features and that the evidence is not fraudulent or inappropriately modified, OR
    o by trained personnel and appropriate technologies, confirming the integrity of the physical security features and that the evidence is not fraudulent or inappropriately modified, OR
    o by confirmation of the integrity of cryptographic security features.
• All personal details and evidence details have been confirmed as valid by comparison with information held or published by the issuing source or authoritative sources.

Superior
• The evidence has been confirmed as genuine by trained personnel and appropriate technologies including the integrity of any physical and cryptographic security features.
• All personal details and evidence details from the evidence have been confirmed as valid by comparison with information held or published by the issuing source or authoritative sources.

Training requirements for personnel validating evidence SHALL be based on the policies, guidelines, or requirements of the CSP or RP.
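The rows of Table 5-2 can be read as a decision procedure evaluated from the highest strength down. The following Python is an added example, not part of the NIST text: the class, field and function names are hypothetical, and each boolean is assumed to record one bullet of the table as the CSP determined it, with physical security features assumed to be covered by the technology check.

```python
from dataclasses import dataclass
from enum import IntEnum


class Strength(IntEnum):
    UNACCEPTABLE = 0
    WEAK = 1
    FAIR = 2
    STRONG = 3
    SUPERIOR = 4


@dataclass(frozen=True)
class ValidationRecord:
    """Hypothetical record of checks performed; one flag per Table 5-2 bullet."""
    failed: bool = False                      # any validation check failed
    personal_details_confirmed: bool = False  # all personal details vs. a source
    evidence_details_confirmed: bool = False  # all evidence details vs. a source
    attributes_confirmed: bool = False        # attributes vs. issuing/authoritative source
    technology_check: bool = False            # physical features checked by technology
    personnel_check: bool = False             # judged genuine by trained personnel
    crypto_check: bool = False                # cryptographic features verified
    has_crypto_features: bool = False         # evidence carries cryptographic features


def validation_strength(r: ValidationRecord) -> Strength:
    """Return the highest Table 5-2 row whose conditions the record meets."""
    if r.failed:
        return Strength.UNACCEPTABLE
    details = r.personal_details_confirmed and r.evidence_details_confirmed
    # Superior: personnel AND technology, covering any cryptographic features too.
    crypto_covered = r.crypto_check or not r.has_crypto_features
    if details and r.personnel_check and r.technology_check and crypto_covered:
        return Strength.SUPERIOR
    # Strong: technology alone, personnel plus technology, or cryptographic check.
    if details and (r.technology_check or r.crypto_check):
        return Strength.STRONG
    # Fair: any single bullet suffices (the bullets are joined by OR).
    if (r.attributes_confirmed or r.technology_check
            or r.personnel_check or r.crypto_check):
        return Strength.FAIR
    if r.personal_details_confirmed:
        return Strength.WEAK
    return Strength.UNACCEPTABLE  # no validation performed
```

Trained personnel alone never lifts a result above Fair in this reading, even when all details are confirmed, because every Strong option requires either appropriate technologies or a cryptographic check.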

5.3 Identity Verification